Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A dos/ddos attack detection method

An attack detection and purpose technology, applied in the network field, to meet the real-time requirements and prevent harm

Inactive Publication Date: 2011-12-07
UNIV OF ELECTRONIC SCI & TECH OF CHINA
View PDF1 Cites 52 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The purpose of the invention is to propose a DOS / DDOS attack detection method in order to solve the problems existing in the existing DoS / DDOS attack detection method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A dos/ddos attack detection method
  • A dos/ddos attack detection method
  • A dos/ddos attack detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0015] The present invention will be further elaborated below in conjunction with specific examples.

[0016] The DOS / DDOS attack detection method of the present invention firstly extracts the required traffic characteristic parameters, and calculates the information entropy, according to extracting the traffic characteristic parameters-determining the abnormal time point-determining the abnormal destination IP-identifying the abnormal flow and distinguishing the attack type The detection of DoS / DDoS attacks and the identification of abnormal flows are completed sequentially. The specific flow diagram is as follows figure 1 shown.

[0017] Specifically include the following steps:

[0018] S1. Obtain flow data in the network from network devices, and extract flow characteristic parameters from the flow data;

[0019] S2. Process the traffic characteristic parameters extracted in step S1, determine the abnormal time point, and expand according to the abnormal time point to fo...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting a DOS / DDOS (denial of service / distributed denial of service) attack. The method comprises the following steps of: firstly extracting needed flow characteristic parameters from network stream data, determining abnormal time points and constructing a historical time window by analyzing the flow characteristic parameters, and then finding out first N destination IPs (internet protocols) with maximum flows for the abnormal time points, determining an abnormal destination IP by analyzing sub streams including all the selected destination IPs in the horizontal time window, and finally, confirming the attack and recognizing an abnormal stream. The method is different from a conventional packet-by-packet analyzing method, adapts to the characteristic of the huge flow of a backbone network, can meet the requirement on real-time performance in the abnormality detection of the Backbone Network, can detect the DoS / DDoS attack more precisely in the backbone network, and can recognize an attack stream in the backbone network, so that a network manager can set a router in time, filters the flow sent by an attacker, and prevents the flow from harming a destination host.

Description

technical field [0001] The invention belongs to the field of network technology, in particular to a DOS / DDOS attack detection method. Background technique [0002] Denial of Service (DoS) attack is a form of attack that prevents a computer or network from providing normal services by sending a large number of data packets. It may exhaust all available network resources or system resources of the attacked object in a short period of time, making legitimate user requests unable to pass through or be processed, thus hindering normal communication in the network and bringing huge damage to the attacked and even the network. harm. [0003] A distributed denial of service (Distributed Denial of Service, DDoS) attack is a covert denial of service attack, and the data packets in the attack come from different attack sources. Compared with DoS attacks, DDoS attacks have smaller traffic on a single link and are difficult to be detected by network devices, so they are easier to form....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L29/06H04L12/56
Inventor 周颖杰马力胡光岷陈慧楠刘岩
Owner UNIV OF ELECTRONIC SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com